benmmurphy (@benmmurphy) 's Twitter Profile
benmmurphy

@benmmurphy

Security Researcher (23EE18E2/7B8B082223EE18E2)

ID: 17311483

11-11-2008 15:20:42

1,1K Tweet

699 Followers

220 Following

benmmurphy (@benmmurphy):

TIL: Phoenix will kill your request PIDs when a client closes the TCP connection. it’s like the user has the option to pull the power from your server whenever they choose. I’m sure there won’t be any security issues related to this. #elixir

benmmurphy (@benmmurphy):

Remember 2^5 . 100 maximum fine applies if you fail to wear a mask on public transport. The same law was in effect when it was 2^0 . 100 minimum but now the sign is red.

benmmurphy (@benmmurphy):

OTP-16765 -> If you were using {session_tickets, auto} with TLS 1.3 and connecting to server A and B then server B could MITM traffic going to server A. (erlang.org/doc/apps/ssl/n…)

benmmurphy (@benmmurphy):

Anyone else get an email purporting to be from Maryland State Board with passing SPF and DKIM but DKIM is from marylandstateboard.onmicrosoft.com which looks like a scam.

Eric Weinstein (@ericrweinstein):

Even light censorship works for a while. I, for example, apparently had no idea just how crazy the claims in the Hunter Biden story really are. Still trying to get my head around what I think I just saw.

benmmurphy (@benmmurphy):

An upside of the current voter fraud allegations should be more support for voting that is automatically verified by risk limited audits conducted manually using paper ballots. The good thing is some of the states in question already do this.

benmmurphy (@benmmurphy):

hash-dos review of #erlang/#elixir phash/phash2 gist.github.com/benmmurphy/8db… erlang dict/ets potential denial of service. new maps based on hash array mapped trie don't seem vulnerable

benmmurphy (@benmmurphy):

has anyone seen sites hosted behind Cloudflare return HTTP2 message of type 12 [?] which have a 16 bit length followed by the string drand.cloudflare.com . a bit spooky...

benmmurphy (@benmmurphy):

TIL: glib uses a mutex that is shared between all objects for handling signals. github.com/GNOME/glib/blo… github.com/GNOME/glib/blo…

benmmurphy (@benmmurphy):

for anyone playing around with AWS ALB MTLS. the new headers are: X-Amzn-Mtls-Clientcert w/passthru, and X-Amzn-Mtls-Clientcert-Serial-Number, X-Amzn-Mtls-Clientcert-Issuer, X-Amzn-Mtls-Clientcert-Subject, X-Amzn-Mtls-Clientcert-Validity and X-Amzn-Mtls-Clientcert-Leaf w/verify

benmmurphy (@benmmurphy):

aws ipv4 charging rant:
* you want to access dynamodb streams from EC2 you will need a public ipv4 address and we will charge you for it
* you can't even use private link and pay AWS for the privilege of connecting to their own services.

benmmurphy (@benmmurphy):

Colorado should not be able to bar Trump from the Primaries due to being unqualified under the 14th since it is not clear that he would be unqualified at the point of assuming office even if he was guilty of insurrection. A vote by both houses can remove the disqualification.

benmmurphy (@benmmurphy):

has anyone else noticed the interesting list of naughty words in /System/Library/PrivateFrameworks/DialogEngine.framework/DialogEngine > "it’s like they hired some dutch boomer to come up with the most depraved combos"

benmmurphy (@benmmurphy):

archive.ubuntu.com is on fire. this also seems to be affecting the EC2 ubuntu mirrors. I suspect they lazily cache packages so if your package is not cached the EC2 ubuntu mirrors are returning 503.

benmmurphy (@benmmurphy):

another obviously untested/unreviewed cryptographic challenge implementation. you can tell because the challenge looks like: [B@12ab34cd . why would you have the result of java bytes.toString() in your authentication protocol?

benmmurphy (@benmmurphy):

so apparently a Palestine protest group are committing serious acts of vandalism in central london but this is not being reported because: a) the victims don't want to advertise the vulnerability b) the group fucked up and the intended victim moved location